For years, the US government loudly warned the world that Chinese routers and other internet devices pose a "threat" because they are built with backdoor surveillance functionality that gives the Chinese government the ability to spy on anyone using them. Yet what the NSA's documents show is that Americans have been engaged in precisely the activity that the US accused the Chinese of doing.

What surprises me the most is that there are still people who are surprised by this.

We shouldn't even be talking about this in terms of "surprise" any more. We know what's going on, and it's a tragedy. If polio was wiping out an entire nation, 6 months after the outbreak, we wouldn't be talking about how we're "surprised" or "not surprised" that people are still dying of polio.

What's important here is now the scope. What are the NSA doing, how are they doing it, and what's the extent of the damage to the internet, and how do we move forward. Many members of OSNews are software developers, and we've gotten ourselves into this position by not taking security seriously (sometimes in OS design, protocols, or the internet!) This is not the time to talk about surprise, it's time to take stock and actually talk about and build the solutions to this mess.

What's important here is now the scope. What are the NSA doing, how are they doing it, and what's the extent of the damage to the internet, and how do we move forward. Many members of OSNews are software developers, and we've gotten ourselves into this position by not taking security seriously (sometimes in OS design, protocols, or the internet!) This is not the time to talk about surprise, it's time to take stock and actually talk about and build the solutions to this mess.

I agree with you. In my mind the problem isn't the lack of solutions, it's that the behemoth corporations like google, microsoft, facebook, etc continue to push for poor security designs that keep *centralized* control over all our data. This model is inherently broken in terms of privacy. Developers could improve the privacy of most services by decentralizing them and keeping the data encrypted from the service providers themselves. Companies like Google know this very well, but fixing it would negatively impact their ability to datamine our information and to serve us ads. This is a major conflict of interest with respect to user privacy, and realistically few corporations are principled enough to promote the cryptographically private solutions that would give themselves the boot.